NSA Spying on Online Gaming Worlds

The NSA is spying on chats in World of Warcraft and other games. There's lots of information -- and a good source document. While it's fun to joke about the NSA and elves and dwarves from World of Warcraft, this kind of surveillance makes perfect sense. If, as Dan Geer has pointed out, your assigned mission is to ensure that something never happens, the only way you can be sure that something never happens is to know everything that does happen. Which puts you in the impossible position of having to eavesdrop on every possible communications channel, including online gaming worlds.

One bit (on page 2) jumped out at me:

The NMDC engaged SNORT, an open source packet-sniffing software, which runs on all FORNSAT survey packet data, to filter out WoW packets. GCHQ provided several WoW protocol parsing scripts to process the traffic and produce Warcraft metadata from all NMDC FORNSAT survey.

NMDC is the New Mission Development Center, and FORNSAT stands for Foreign Satellite Collection. MHS, which also appears in the source document, stands for -- I think -- Menwith Hill Station, a satellite eavesdropping location in the UK.

Since the Snowden documents first started being released, I have been saying that while the US has a bigger intelligence budget than the rest of the world's countries combined, agencies like the NSA are not made of magic. They're constrained by the laws of mathematics, physics, and economics -- just like everyone else. Here's an example. The NSA is using Snort -- an open source product that anyone can download and use -- because that's a more cost-effective tool than anything they can develop in-house.

Barnyard: It's really important in understanding what the NSA/GCHQ does.

They have a much bigger budget (for development, for purchasing exploits, for purchasing installations) and the ability and willingness to place their devices in otherwise inaccessible networks, and a willingness to willfully violate the law [1] in the process, but as Schneier ably puts it, it's not magic.

The NSA and GCHQ have the same "network physics" limitations the rest of us do, and their use of open source tools shows it. It means that, despite the massive budgets, they can't do something fundamentally better in house. So instead they just do what everyone else would do, write rules for an open-source IDS.

[1] NSA apologists will argue that the NSA operates within the bounds of the law. Even if true, they neglect the important caveat: US law, that is. I'm pretty certain that a huge amount of the NSA's activity is considered grossly illegal (if not perhaps an act of war) under the victim countries' laws.

It's also really important for building defenses against the spook shows. Regardless of what you think about the NSA, their behavior has now said it's OK for a whole UN full of adversaries to do the same thing.

So even if you believe that the NSA/GCHQ is a wholly benign organization, and you are protected by being a US/UK citizen, by their widespread attacking (including economic targets), they've effectively said to the Chinese, French, Russians, Israelis, Brazilians, heck everybody [1], that well, anybody is a valid target for not just monitoring but attack as well.

In defending against the spooks, it's really useful to understand that they operate under the same technical constraints that everybody else does. The use of Snort is just but one good example. [2]

[1] And if your country doesn't have the internal skills, please contact your local Vupen, Gamma International, and Hacking Team sales representatives. Operators are standing by...

[2] Well, actually... It suggests that the spook show could use some improvement. I would have switched to Bro for collection once the cluster/parallelization code was stable a few years back, it's a much better tool for what they need.

So the first thing to do is don't discuss secret things where they can be overheard! As such, that means nobody is going to go online and start blabbing in plain text about plans to attack something, especially with the omniscient US agencies sticking their nose into everything.

The paper in question also points out that terrorist organizations are raising money by selling games, and operating companies. As for promotion of anti-US efforts through games, like well, duh! Of course they are going to use that as an avenue.

But what I want to see is, is there really any terrorist planning going on in the games?

Aside from Hollywood films, I can't imagine a bunch of terrorist leaders having a video phone conference. Hello, who owns the network? How many times has someone been blown up because they simply had their cell phone on?

I keep hearing that the terrorists have been using dead drops and such. You know who else uses dead drops? Geocachers. There's another dead-drop hobby where diaries or journals are left in hidden spots, too. I suppose there will be something in the documents about that. But, of course, it would require the NSA to leave their offices, so that's why WOW, et al, are more popular.

The gold in popular online gaming worlds actually serves as a useful way to launder money. I had a credit card stolen a few years ago, and the thief used the card to purchase gold (from Amazon) for a popular online game. I imagine it is easy to pass the gold from player to player inside the game and then resell it. Maybe a log of chats and transactions would serve to combat this type of activity.

I would expect that the NSA would be looking at something like the freenetproject.org encrypted network, not screwing around with online games.

The NSA is supposed to be ferreting out real terrorists, not spending time and cash on crap like this. As your own example indicates, nobody with a brain is using the public internet, in plain text, to do their dirty work. Nobody with a brain is that stupid. It would be like doing a drug deal in the lobby of the police station on live TV, with duffel bags of cash and heroin. Instead, the FBI was investigating a group using an independent network, custom software and encryption.

Years ago I read an article by an alleged sysadmin for the mob. He discussed how he had set up the systems with encrypted drives, encrypted VOIP, the operating systems used, and on and on. If the mob has been taking precautions like that for years, how can anybody expect that WOW, et al, would be seriously used by terrorist organizations?

To ensure "that something never happens" in a random universe of happenings is impossible.

So, the government has allowed itself the classic mission impossible which is fine for a TV series, but not in the real world.

Adults are supposed to know attempting the impossible may cost a great deal of money and require illegal and inhumane methods. Or, as in the case of spying on teenie-boppers playing games, doing something costly, illegal and plain stupid.

Giving the government the general authority to ransack the entire electronic world in search of the impossible is ridiculous and simply not right.

Indeed, unchecked abuse is not consistent with even the most basic functions of a democracy.

If this keeps up we will descend to destitution and anarchy in short order.

Frankly, I must admit, that's exactly what a lot of people want these days.

The Snort bit is interesting and new info afaik. I'm confused that the media at large is jumping on this now. FBI & NSA have been suspicious of and actively investigating online worlds as platforms for communication by terrorist cells for a long time, and not secretly.

Well using WoW is not as crazy as what I heard in this documentary series "Weird or what?" yesterday. The particular episode contained a brief segment on the "Stargate Project" and how it had supposedly been successful in some instance of letting the military know about some new Soviet submarine at a base in Russia.

Anyway they made a brief statement that the US government had relaunched the psychic operations after 9/11.

Admittedly though I do not believe psychic operations (even if 1. real, and 2. practical) scale very well. So for mass surveillance they will still be impractical.

But it seems that the US government is willing to try anything, no matter how farfetched;-) In the end this will probably be, if nothing else, a de facto dictatorship.

In 2008, I was asked to be part of a panel at Modsim World in Virginia Beach. Topic: "Virtual Worlds for Defence."

My points relevant here were:
1) Rory Stewart walked across Afghanistan; i.e., there is no substitute for direct contact
2) the intel is also found in social networks whose products like Twitter have a lower barrier to entry; i.e., you don't have to build and maintain an avatar; rather a persona - easily done. WOW is hugely popular with women as well as men, but monitoring social networks; i.e., LinkedIn, Facebook, Twitter etc. may deliver more immediate results.

Which puts you in the impossible position of having to eavesdrop on every possible communications channel

I suppose infiltrating WoW and Second Life (NERDINT) to the average agent is much more appealing than being assigned to monitoring pigeon post and pigeon racing. I wonder if this undoubtedly very specialised unit (DOVEINT) uses falcons or drones to intercept the birds. And let's not forget about telepath terrorists (PSYCHINT) either. You never know when those will strike.

Case 1: somebody in Afghanistan and Syria just started an encrypted conference call with 4 people in the USA whose ISP records Arabic looking names. Better add them to the list.

Case 2: 100s of people in internet cafes in Pakistan, 1000s in Syria, 100,000s in China are chatting in WoW with 1,0000,000s in America. We have identified them by their online names as L333t27, NinjaKid, Ogre72 etc etc. Which ones do we watch?

If we want to stop third parties from doing things that we don't wish to happen and these same third parties have a large but limited financial budget, change the terms of the GPL to not allow use by these parties. Make them pay $50K per installation. That would take a chunk out of their available budget.

They're already doing the same thing and much worse. Where have you been? The Chinese government put logic bombs all throughout America's electrical grid and has stolen from over 120 companies in America as well as over 30 in other countries. Russia has used botnets to shut down the entire networks of 2 different nations so far and had a program of stealing intellectual property rights. N. Korea attempted to shutdown the financial system, as well as others, in America and S. Korea and has stolen intellectual property rights and security information from S. Korea.

The list goes on and on really. The NSA are just the vanilla guys collecting intelligence information. They're doing practically nothing in comparison to the other groups out there.

S. Korea and has stolen intellectual property rights and security information from S. Korea.
Gavin
--Off w/ their heads for stealing from themselves! All global spying is evil done by all nations on other nations for economic and military purposes. The world is too small for this thinking and we're going to all die here if we don't stop it before it's too late.

@Gavin : Interesting, but do you have ANY proof or at least credible reports for all of this ?

I don't want to be picky, but in an intelligent discussion you really need something to back up your assertions. Otherwise it just sounds like good ol' Rambo-style "baddies are attacking America !" stuff.

N. Korea attempted to shutdown the financial system, as well as others, in America and S. Korea and has stolen intellectual property rights and security information from S. Korea.

It's funny in many respects that S.Korea has some of the harshest tariffs for IP theft in the technologically advanced nations as a bunch of Israeli employed "industrial spies" are finding.

As for North -v- South Korea it's a Chinese-US proxy war that the US cannot let go of and China inherited from the Russians and in many ways the Chinese wish would just go away. Many South Koreans are glad that their previous premier has gone because some think he was certifiable. Basically he used almost any excuse to ratchet up tension between the North and South and in many people's views was encouraged to do so by US War Hawks.

North Korea is a very difficult target for Cyber espionage/sabotage as they practice "air-gap" segregation as a matter of (political not security) policy. It's also fairly certain that North Korea believe that they were the ultimate target for Stuxnet due to their technology swaps with Iran. And it's noticeable to many South Koreans that the supposed attacks from the North occurred after various US backed activities against the North occurred, and at one point there was some speculation that the attacks on the South were not from the North but the US to give the previous premier an excuse for his behavior.

Further when the previous S.Korean premier was ratcheting things up quite a few S.Korean business people believed that there was a higher risk of US hostilities towards the North "going hot" than US-Iran going hot. Most of the S.Koreans I know are fully aware that if hostilities re-open between the North and South that they will without doubt be the losers even in the unlikely event they were to win officially. As one pointed out the North and the South need each other, the South needs the manpower in the North, and the North needs the foreign currency and technological success of the South, and they hope for re-unification in part if not whole. Which is why they felt the biggest blow was not the cyber attacks but the closing of the Kaesong Industrial Complex in April this year. Kaesong is seen as a future model by which the Koreas can take on the Chinese low end exports of consumer items such as shoes, tee shirts, watches etc enabling the north to get a step up on the ladder away from their current mainly subsistence agrarian culture.

Yesterday I got an email from the Russian branch of Samsung with a job offer for a position in S. Korea. It looked quite legitimate, it likely wasn't a phishing attempt. It even offered a relocation package. I have almost laughed my belly off.

Yesterday I got an email from the Russian branch of Samsung with a job offer for a position in S. Korea. It looked quite legitimate, it likely wasn't a phishing attempt.

It likely was not. Oddly or coincidentally I know two people who work for them. One was a Russian young lady who some years ago was studying at a London University, the other another young lady who worked for a S.Korean telecoms company I worked for some years ago (I was UK based). Both now work in the same building... (not that I've told them).

Samsung have a minor problem in Russia it appears that Nokia products are selling slightly better and thus Samsung have a bit of a push on at the moment and are recruiting. You can check and see if the job is real on their jobs site,

@W "Thanks god the NSA protects us. Thus, there has never been a serious terrorist attack in the World of Warcraft"

Anders Breivik played World of Warcraft and posted a number of very long rants about European racial purity and violent revolution. Perhaps that has something to do with their interest in the community.

@Brian M. "So the first thing to do is don't discuss secret things where they can be overheard! "

I would love to know just how long it takes to convince somebody without an intuitive grasp of boolean mathematics just how important cryptography is for them and how to use it (see especially the gyrations Snowden went through trying to get people to accept his encrypted data). As far as how long it takes to teach them to use it *all* *the* *time*, well if the information regarding how Dread Pirate Roberts was caught is at all correct, I would say longer than it takes for them to be caught.

This isn't to say that the NSA employee's motivation isn't about leveling their latest paladin on Uncle Sam's dime, but expect plenty of wheat in the chaff. If they don't have the keys to break the encryption being used (or know which crypto stream to watch) then they have to wait for someone to say something "interesting" on an open line.

Superficial anonymity is common. IRC provides that kind of anonymity, and is probably better than WOW for someone who really wants to be anonymous. If someone wants to post anonymously on a blog, they can do that, too. Maybe Al Qaeda is transferring terror information through spam posts on this blog! You never know, do you?

The funny thing with that offer was that I don't live in Russia, so it was quite a blind shot. From your words it looks like they're rather desperate, so maybe they're really trying to target anybody on the continent that looks mildly competent. Anyway it was probably the strangest job offer I got ever (not counting attempted scam, of course).

You know... If a bunch of wannabe terrorists existed, and wanted to talk, then getting together at regular intervals means traveling, hotels, meals, etc. Even in the same city you have gas consumption or buses or taxis or automatic face identifying cameras or license plate trackers or (most especially) cell phone data. All of which cause you and your group to stick out.

But getting together to play a game of Warcraft with your guild. You can be anywhere in the world, and nobody will think twice about it.

With a decent codebook... Not a cipher but an out-and-out codebook, as in raiding this dungeon means "___", playing in that zone means "___", talking about the weather means "____", etc.. Well you could manage communications quite effectively across a large group of people spread across a huge geographical area while drawing very little attention.

So yeah, it's probably just somebody who wants to play games at work. I bet that's why they're using snort rather than the game client.

"The NSA is using Snort -- an open source product that anyone can download and use -- because that's a more cost-effective tool than anything they can develop in-house."

Is that just a personal stab at the NSA? I totally disagree. NSA, like many DOD groups, has long embraced using COTS where possible to get work done and keep costs down [in theory]. If Snort gets the job done and is easily modified/expanded (open source), why try to code an in-house tool that does exactly the same thing? Wouldn't make any sense.

If anything, using Snort is evidence that NSA's management and staff are making better decisions on technology than they would have back in the day. A result of Hayden's transformation of it most likely. All their subversions wouldn't have happened if they were still trying to in-house everything. They'd have wasted most of their time and money for nothing.

In retrospect, I wish Hayden had never worked there and they were still embracing GOTS for important stuff. They'd probably still be trying to get their licensed version of AT&T System 5 UNIX in a state where it could read DVD's, transition away from DECnet, and use more than two processors.

[...]
FASCIA is the NSA’s data warehouse for storing location metadata.
Documents show that about 5 billion records per day are being ingested into FASCIA. However, billions of records doesn't necessarily mean billions of phones. Your mobile device sends a record of its location each time it connects to the network or moves between cellular towers. The frequency of these records will depend on factors such as the density of users in the area and how much the individual moves around. The more you move, the more times you update your location. So one device could be responsible for dozens of records in a single day.
All this information is stored using Hadoop, an open-source software framework for storage and large-scale data processing that is derived from academic papers by Google engineers.
[...]

Is this a bad joke or did you miss the and in the sentence? Here's the entire sentence "N. Korea attempted to shutdown the financial system, as well as others, in America and S. Korea *AND* has stolen intellectual property rights and security information from S. Korea."

"All global spying is evil done by all nations on other nations for economic and military purposes. The world is too small for this thinking and we're going to all die here if we don't stop it before it's too late."

The point of my comment is that the NSA hasn't "made it ok" since plenty of other groups out there have already been doing the same and worse. The NSA aren't the trendsetters. Cyber defense is a lot harder than cyber offense and if we completely disarm ourselves it would be no different than completely getting rid of our own nukes while letting other nations keep theirs. Having nuclear weapons on both sides keeps both sides from using them. For example, when China put logic bombs in the American electrical grid, investigators concluded that China wanted it to be traced back to them so that the American government would know that China has the capability of doing something like that, otherwise they would've made it untraceable.

I guess NSA will also gain from this research (we will get an even faster surveillance system):

Scientists demonstrate quantum phenomenon for the first time using a plastic film
[...]
IBM scientists around the world are focused on an ambitious data centric exascale computing program, which is aimed at developing systems that can process massive data workloads fifty times faster than today.
Such a system will need optical interconnects capable of high-speed processing of Petabytes to Exabytes of Big Data. This will enable high-performance analytics for: energy grids, life sciences, financial modelling, business intelligence and weather and climate forecasting.
[...]

Gavin
--Yeah it was a bad joke making light of a typo. I know about espionage, I believe there was some sort of attempt on my dad's company by some sketchy Korean, and I also know my dad's company doesn't really secure their operations b/c they're a small company and it would be hard to afford. It would also slow getting products done and selling. Oh also there was a large overnight break-in that was weird b/c they didn't steal some other computers w/ lots of IP that were sitting in plain sight so maybe they just injected malware.

Not only logic bombs in our grid China blew up a satellite and spewed a bunch of debris in orbit; continuing to nail the coffin on our species by trapping us on Earth. That made me very mad and I think we've done it too.

All I'm trying to say (not that it matters much since the buildup has been happening throughout history and has the inertia to level any barriers) if we continue this mindset as a CIA agent put it, "Lie, cheat, and steal for national interest", and the other side[s] doing the same; not only will there be no resources left, there won't be any information worthy of stealing b/c everyone is paranoid and at war.

Any efforts to actually reform this stupid buildup to mass death will be met w/ skepticism and cynicism leading to even more death and subversion.

NSA uses the global ID in Google cookies to track the people they target.

Therefore no wonder that:
1. these Google IDs are trackable in some cases even on the Tor network
2. Google uses tricks to bypass users' security settings to force cookies on their systems (known to happen on at least IE and Opera)

I have to wonder as to the immense waste of taxpayer funds in these surveillance programs. The mind boggles at who in gov't thought that trolling multiplayer games was a sound investment in our national security.

It is very simple to fix this whole problem, and that problem seems to always be the USA. Everyone in the world and even the USA needs to boycott the USA. They also need to know where their data is going and ensure servers that do not touch USA. This is very simple to do but does have a cost.

The alternative, do nothing. If you do nothing, you may ask what is the USA doing with your data. They are using it to make money plain and simple. It is not for terrorism or any other grand adventure. It is to take the world's money, just like playing poker, and knowing your opponent's hand. If a company is ignorant enough to not secure their business without the USA and NSA spying, then using them is a sure fire way of destroying your business by espionage and stealing. Think how many trillions have already been stolen.

Microsoft has back doors to all its products. This includes getting rid of all Microsoft products like Windows and replacing it with Linux. People around the world should start writing for open source code to help Linux work for the world. All companies should provide tech support and drivers for Linux.

Cisco routers have back doors to all their products and allow the USA companies in the know to learn secrets to your business.

This does not mean simply just use new encryption software. These companies built back doors and even your best encryption is not safe. Worse anyone can access your networks once the back-doors are released to the hackers.

Once trust is lost it is lost forever, and these corrupt American companies do not deserve another penny. They got funding from the USA government to take your information, and what should piss you off is they have it all right now. You have to change the game of your world business today.

Educate the next generation and your business partners. No companies in the USA on your servers period. Boycott Microsoft, Skype, XBOX, Verizon, Google, Cisco, Apple, Facebook, Yahoo, AOL, Level3, Paltalk and there are 50 companies total so far look them up.

Follow the work of the BRICS nations (Brazil, Russia, India, China, South Africa) and Europe and start to build a wall around the USA. Even Australia, you need to switch sides and abandon the USA for good. For every dollar you refuse the greater the world becomes and the more money you keep in your pocket. This includes, don’t forget, boycotting the rest of all businesses in the USA. Make the USA hurt until it turns against itself and stops screwing with the world.
